Around the 0.18 or 0.19 release, the MythWeb module was heavily rewritten. It became a lot more powerful, but the side effect was that it broke compatibility with the reverse-proxy module in Apache 1.3. It would still work, but you had to mirror the MythTV's web server directory tree structure in the firewall. The 1.3 proxy modules could only rewrite HTTP protocol headers. An Apache module, mod_proxy_html, exists to rewrite links inside the body of an HTML document, but it was only compatible with Apache 2.0 and later. I didn't get around to upgrading from 1.3 until I was forced to rebuild the services/firewall host this spring when the original box began to die. The solution works very nicely, but I had a couple of speed bumps worth documenting...
MythWeb lives at http://isn2.figure1.net/mythweb/. Of course you can't see that, it's on a 192.168.0.0/16 network. So I can't see it from work, or from school, or from... anywhere beyond my living room. Which was the point. So I have Apache on my server host doing reverse-proxy work to let me at it as http://web.figure1.net/isn2/mythweb/. (This way, I can also reach any other services that live on that box.) This is the Apache 2.2 configuration to pull it off:
# libxml2 required for proxy_html LoadFile /usr/lib/libxml2.so LoadModule proxy_html_module /usr/local/libexec/mod_proxy_html.so # mod_proxy_html requirements Include /web/conf/extra/proxy_html.conf <IfModule proxy_module> <IfModule proxy_http_module> <VirtualHost *:80> ProxyRequests off # Proxy through to isn2 # Let me reach the internal net MythTV box from the outside world ProxyPass /isn2/ http://isn2.figure1.net/ ProxyHTMLURLMap http://isn2.figure1.net /isn2 <Location /isn2/> Order Deny,Allow Deny from all Allow from 192.168.0 Allow from 127.0.0.1 ProxyPassReverse / ProxyHTMLLogVerbose On SetOutputFilter proxy-html ProxyHTMLExtended On ProxyHTMLURLMap / /isn2/ ProxyHTMLURLMap /isn2 /isn2 RequestHeader unset Accept-Encoding </Location> </VirtualHost> </IfModule> </IfModule>
I've deleted some extra
Allow from ...
lines that enable the high school and my office, but with that setup, it's reachable from, say, an ssh-tunneled port or protected proxy server. It's important to include the proxy_html.conf
file that comes with the mod_proxy_html distribution. Without it, links contained in stylesheets and JavaScript will not be properly rewritten--breaking MythWeb entirely! Also, libxml2.so
might live somewhere else on your system, so check its location. And for God's sake, turn on authentication in mythweb/.htaccess
on the MythTV box. No sense letting everybody at work tweak your recording settings. (And remember, the realm component of htdigest authentication is case-sensitive. It MUST match the AuthName
setting in .htaccess!